mirror of
https://git.pleroma.social/sjw/pleroma.git
synced 2025-01-28 03:49:57 +01:00
validate actor type
This commit is contained in:
parent
cf139b06a3
commit
3249141588
@ -511,7 +511,23 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
||||
- `discoverable`
|
||||
- `actor_type`
|
||||
|
||||
- Response: none (code `200`)
|
||||
- Response:
|
||||
|
||||
```json
|
||||
{"status": "success"}
|
||||
```
|
||||
|
||||
```json
|
||||
{"errors":
|
||||
{"actor_type": "is invalid"},
|
||||
{"email": "has invalid format"},
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
```json
|
||||
{"error": "Unable to update user."}
|
||||
```
|
||||
|
||||
## `GET /api/pleroma/admin/reports`
|
||||
|
||||
|
@ -538,9 +538,10 @@ defmodule Pleroma.User do
|
||||
|> delete_change(:also_known_as)
|
||||
|> unique_constraint(:email)
|
||||
|> validate_format(:email, @email_regex)
|
||||
|> validate_inclusion(:actor_type, ["Person", "Service"])
|
||||
end
|
||||
|
||||
@spec update_as_admin(%User{}, map) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
|
||||
@spec update_as_admin(User.t(), map()) :: {:ok, User.t()} | {:error, Changeset.t()}
|
||||
def update_as_admin(user, params) do
|
||||
params = Map.put(params, "password_confirmation", params["password"])
|
||||
changeset = update_as_admin_changeset(user, params)
|
||||
@ -561,7 +562,7 @@ defmodule Pleroma.User do
|
||||
|> put_change(:password_reset_pending, false)
|
||||
end
|
||||
|
||||
@spec reset_password(User.t(), map) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
|
||||
@spec reset_password(User.t(), map()) :: {:ok, User.t()} | {:error, Changeset.t()}
|
||||
def reset_password(%User{} = user, params) do
|
||||
reset_password(user, user, params)
|
||||
end
|
||||
|
@ -693,7 +693,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
|
||||
%{assigns: %{user: admin}} = conn,
|
||||
%{"nickname" => nickname} = params
|
||||
) do
|
||||
with {_, user} <- {:user, User.get_cached_by_nickname(nickname)},
|
||||
with {_, %User{} = user} <- {:user, User.get_cached_by_nickname(nickname)},
|
||||
{:ok, _user} <-
|
||||
User.update_as_admin(user, params) do
|
||||
ModerationLog.insert_log(%{
|
||||
@ -715,11 +715,16 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
|
||||
json(conn, %{status: "success"})
|
||||
else
|
||||
{:error, changeset} ->
|
||||
{_, {error, _}} = Enum.at(changeset.errors, 0)
|
||||
json(conn, %{error: "New password #{error}."})
|
||||
errors =
|
||||
Enum.reduce(changeset.errors, %{}, fn
|
||||
{key, {error, _}}, acc ->
|
||||
Map.put(acc, key, error)
|
||||
end)
|
||||
|
||||
json(conn, %{errors: errors})
|
||||
|
||||
_ ->
|
||||
json(conn, %{error: "Unable to change password."})
|
||||
json(conn, %{error: "Unable to update user."})
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -3191,8 +3191,12 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||
end
|
||||
|
||||
describe "PATCH /users/:nickname/credentials" do
|
||||
test "changes password and email", %{conn: conn, admin: admin} do
|
||||
setup do
|
||||
user = insert(:user)
|
||||
[user: user]
|
||||
end
|
||||
|
||||
test "changes password and email", %{conn: conn, admin: admin, user: user} do
|
||||
assert user.password_reset_pending == false
|
||||
|
||||
conn =
|
||||
@ -3222,9 +3226,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||
"@#{admin.nickname} forced password reset for users: @#{user.nickname}"
|
||||
end
|
||||
|
||||
test "returns 403 if requested by a non-admin" do
|
||||
user = insert(:user)
|
||||
|
||||
test "returns 403 if requested by a non-admin", %{user: user} do
|
||||
conn =
|
||||
build_conn()
|
||||
|> assign(:user, user)
|
||||
@ -3236,6 +3238,31 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
|
||||
|
||||
assert json_response(conn, :forbidden)
|
||||
end
|
||||
|
||||
test "changes actor type from permitted list", %{conn: conn, user: user} do
|
||||
assert user.actor_type == "Person"
|
||||
|
||||
assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
|
||||
"actor_type" => "Service"
|
||||
})
|
||||
|> json_response(200) == %{"status" => "success"}
|
||||
|
||||
updated_user = User.get_by_id(user.id)
|
||||
|
||||
assert updated_user.actor_type == "Service"
|
||||
|
||||
assert patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
|
||||
"actor_type" => "Application"
|
||||
})
|
||||
|> json_response(200) == %{"errors" => %{"actor_type" => "is invalid"}}
|
||||
end
|
||||
|
||||
test "update non existing user", %{conn: conn} do
|
||||
assert patch(conn, "/api/pleroma/admin/users/non-existing/credentials", %{
|
||||
"password" => "new_password"
|
||||
})
|
||||
|> json_response(200) == %{"error" => "Unable to update user."}
|
||||
end
|
||||
end
|
||||
|
||||
describe "PATCH /users/:nickname/force_password_reset" do
|
||||
|
Loading…
x
Reference in New Issue
Block a user